This is a remote position.
Job Summary
Our customer requires third-party expertise in Microsoft Sentinel to define, build and test security use cases in collaboration with the wider security functions defined in the operating model.
These third-party engineering services will coordinate with team members across Secure Place, Comms and Collab, and SMI, as these are the key stakeholders defined in the Cyber SOC Factory Model; they are the primary contributors/users of its inputs/outputs, along with various other product and operational teams, to discover and prioritise security use cases achieved through analysis of data sources being ingested into the customer's Microsoft Sentinel instance. This will ensure they have relevant mitigating controls in place for risks and control gaps defined as part of our Security Risk Management process.
THIS IS A SoW BASED ENGAGEMENT AND PAYMENTS ARE ON A MILESTONE BASIS, I.E. AGAINST A CUSTOMER-APPROVED DELIVERY NOTE FOR EACH MILESTONE.
Responsibilities & Duties
Procure Security Engineering support to undertake the tasks to define and build security use cases within MS Sentinel by analysing data sources and events from across all of the customer's integrating products, with a built-in knowledge transfer element to pass knowledge and skills to the customer's engineering colleagues. Work will be outcome based and payments will be tied to delivery milestones.
Strategic:
· Analyse the customer's requirements and priorities to collaborate in delivering against their wider strategic roadmap.
· Help configure and develop the customer's Azure Subscription that hosts their Sentinel production instance.
· Mature the customer's monitoring, alerting, hunting and reporting based on data ingested into Sentinel (specifically Azure/M365 logs).
· Improve the customer's security status by reducing risks and attacks against their Azure / M365 environments.
· Help discover threat vectors to the customer's Azure / M365 environments.
· Provide guidance on how to best meet industry best practices for the deployment and operational live service of Sentinel.
Tactical:
· Co-design, develop, deploy and review Sentinel Analytics rules.
· Co-design, develop, deploy and review Sentinel Workbooks and Notebooks.
· Co-design, develop, deploy and review Sentinel automation and integration playbooks.
· Configure and optimise (health and cost) our Sentinel-connected Log Analytics Workspace.
· Co-design, develop, deploy and review our Syslog Connector.
Essential Skills
· Prior experience in analysing the customer's requirements and priorities to collaborate in delivering against our wider strategic roadmap.
· Prior experience in configuring and developing the Azure Subscription that hosts the customer's Sentinel production instances.
· Excellent in monitoring, alerting, hunting and reporting based on data ingested into Sentinel (specifically Azure/M365 logs).
· Prior expertise in improving the customer's security status by reducing risks and attacks against the customer's Azure/M365 environment.
· Discovering threat vectors to the customer's Azure / M365 environment.
· Co-design, develop, deploy and review Sentinel Analytics rules.
· Co-design, develop, deploy and review Sentinel Workbooks and Notebooks.
· Co-design, develop, deploy and review Sentinel automation and integration playbooks.
· Configure and optimise (health and cost) the customer's Sentinel-connected Log Analytics Workspace.
· Co-design, develop, deploy and review our Syslog Connector.
· Experience using security products such as XDR, EDR, IDS/IPS, SOAR.
· Deep understanding of risk assessment and management methods.
· Experience working with various multi-disciplined teams in an agile manner.
· Regulatory compliance experience such as GDPR, NIST, ISO 27001.
· Proficiency in KQL for advanced query writing.
· Proven ability in designing, developing and automating incident response playbooks.
· Experience securing environments across multiple cloud providers.
Nice-to-have Skills
· Producing technical documentation in alignment with organisational standards.
· Taking the lead during technical workshops to define specific use case requirements.
· Highlighting technical or process dependencies and working with business stakeholders to negotiate resolutions.
· Proposing optimal reporting methods for delivered security use cases to demonstrate control effectiveness.
· Knowledge of ITSM products such as ServiceNow.
· Experience in designing and implementing machine learning models or advanced analytics for anomaly detection.
· Knowledge of other SIEM platforms.
· Experience in leading or managing a SOC, with a deep understanding of SOC workflows, KPIs and operational challenges.
· Knowledge of securing containerised environments.
Background Check Required
Not Required
Benefits
· Weekly Hours: 40 hours.
· Day Rate: £825.00 plus VAT, all-inclusive basis.
· Overtime: Yes (subject to project manager's written approval).
· Expenses Allowed: No.
· Extension: Possible.
· Language: Fluent in English.
· IR35 regulation applicable.
Additional Assessment
·Interview
·Presentation
Evaluation Weighting
· Technical competence: 60%
· Cultural fit: 20%
· Price: 20%